Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

When you boot into Safe Mode, Windows loads a lot fewer drivers and other things that would normally get loaded. It only starts the basic things it needs to function. Safe Mode is good for booting into to troubleshoot system instability. So it seems that when you booted into Safe Mode it stopped Windows from loading whatever it was that was hiding those files from you. You seem to know your way around your computer pretty well. I always rename things whatever.bak whenever I'm not sure if I will still need them later or not. As for the registry entries, well, the ones you mentioned before are just involved in it running as a service and are harmless with the file being disabled. As for what the thing does, well, I have no idea. You might want to run a virus scan while in Safe Mode and see if it gets picked up then. As for the names it was using, bad guys like to give nasty things names that sound like other things so that the casual observer won't suspect anything.

Wanna try an experiment? Re-enable the file (temporarily), go into that directory that it was in and make a new file. Name it something starting with $sys$, so for example make a new text file and name it $sys$test.txt and see if it disappears. If it does, then this baddie was programmed to hide files that start with $sys$ and I would search for any more that start with that (search in Safe Mode). Keep in mind though that some legit directories and maybe files will start and end with $'s (like $NtUninstallKB893756$) but would not start with "$sys$".

The bad news is that unless your virus scanner or something picks it up, there is no way of really being able to tell what it was up to (short of taking it apart) and if you got it all. I'll look into some more things about maybe uninstalling it as a service and let you know what I find.

Musashi
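The $sys$ test suggested in the post above can be scripted so that it also creates a neutral control file and cleans up after itself. This is an added example, not part of the original thread; the function names, the control prefix and the verdict strings are assumptions made for illustration.

```python
import os
import uuid


def _can_open(path):
    """Return True if the file can be opened by its exact name."""
    try:
        with open(path, "r"):
            return True
    except OSError:
        return False


def classify(canary, control):
    """Turn the two observations into a verdict (verdict names are illustrative)."""
    if not control["listed"]:
        return "inconclusive"          # even the neutral file is missing: listing unreliable
    if canary["listed"]:
        return "visible"               # nothing filtered the prefix in this directory
    if canary["opens_by_name"]:
        return "hidden-from-listing"   # file exists but enumeration omits it
    return "missing"                   # file is gone entirely (deleted or quarantined)


def canary_check(directory, prefix="$sys$", control_prefix="ctl_"):
    """Create a prefixed canary and a neutral control, compare listing vs. direct open."""
    tag = uuid.uuid4().hex[:8]         # random tag so existing files are never touched
    names = {"canary": f"{prefix}test_{tag}.txt",
             "control": f"{control_prefix}test_{tag}.txt"}
    result = {}
    try:
        for name in names.values():
            with open(os.path.join(directory, name), "w") as fh:
                fh.write("canary file, safe to delete\n")
        listing = set(os.listdir(directory))
        for role, name in names.items():
            result[role] = {"name": name,
                            "listed": name in listing,
                            "opens_by_name": _can_open(os.path.join(directory, name))}
    finally:
        for name in names.values():    # always remove the test files again
            try:
                os.remove(os.path.join(directory, name))
            except OSError:
                pass
    result["verdict"] = classify(result["canary"], result["control"])
    return result
```

Running it against the same directory in a normal boot and again in Safe Mode makes the comparison explicit: a verdict that changes between the two boots matches what the thread observed by hand.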

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

Good suggestion! I went to the $sys$filesystem directory, created a file called $sys$test.txt. Then did a dir. Guess what... my new file is not visible. Nor is the file I renamed to .bak. This was BEFORE I re-named the $sys$DRMServer.bak file to .exe. So there is more going on than my feeble brain can understand.. lol.

I do know my way around the os pretty well. I work for IBM and am a software tester on both Windows and Unix platforms. I work with a lot of guys who are really techie with regard to windows, the registry and hidden files etc. I've been on vacation the last couple of weeks and have not been in touch with these guys. I go back to work on Monday, and will ask around to see what our local support team might know about this file and what is going on. Also, I'm going to check my work laptop to see what might be lurking around in there.

Let me know if you find anything else out.. I will also post again after I talk with the tech guys at work.

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

Good idea to ask around at work. It's always a good idea to take advantage of all the resources available to you. If you use your computer to connect to your work network at all then I would DEFINITELY make sure that your IT staff is aware of your issue, because then it is their issue too. (If you do, tell them you might have a rootkit on your machine.) And I would not connect to it again until you talk it over with your work. Also the fact that it hid those files even before you renamed the one back to "exe" is definitely a sign that something else is still running, meaning that the $sys$DRMServer.exe program was not what was doing the hiding. Things like this one tend to make all sorts of changes to your machine, scattered all over your OS and file system. Just assume at this point that you cannot trust what your computer reports back to you anymore when you look at running processes and search directories and such.

Keep me posted, this is really interesting.

Musashi

PS. Make a log of any changes that you make to this evil thing. So if your tech guys want to study it they will know what you have done to it already.

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

I hope you peeps don't mind me jumping in on this thread but I had the same problem occur yesterday. I believe I have traced the problem to a music CD. I often listen to music on my PC and had just purchased a new CD, this being a US import (I live in the UK), so the following may not apply to the UK version when it is released. I tried to rip the CD but it has a new form of copyright protection and installs its own software onto your PC so you can only play it from the disc. It is within this software that the problem lies. After playing the CD my normal ripping software failed to work on any type of disc. It may just be a coincidence or is this some kind of virus developed by the music industry to prevent people copying music. Is that legal? Maybe I am just paranoid.

To cure the problem I did a system restore, thus undoing any changes made by the music CD, and to date I have had no recurrence.

Was I correct in my assumptions on the music CD or did I pick up the problem somewhere else? Any thoughts and opinions would be much appreciated.

Dave

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

SidSnot,

Seems possible, as some CD copy protection uses encryption software and thus must load it on your computer. If this is indeed the source of the files, it troubles me that they would go through such lengths to hide them. I also wonder why the software would attempt to access one's internet connection. Whatever the software is, I think it's evil. But that wouldn't stop the music industry from using it. If you don't mind me asking, what CD is it? What music label was it released under? And does the CD mention anything about what kind of protection it is using? There are many different protection schemes out there. I would like to investigate this more, so any more info you would be willing to share would be appreciated. The possibility that this may be purposefully and unknowingly installed on one's computer by a music CD intrigues me.

Musashi

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

Musashi_tzu, Sony is one record label that will actually do this by installing the Digital Rights Management (DRM), which will actually tie itself to your CD-RW and will only allow you to make 1 copy onto your PC. They do this as a copy protection scheme, so you will not illegally share their copyrighted material. If you really want more info, check out this article: http://news.cnet.co.uk/digitalmusic/...9189658,00.htm

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

Oh, I fully understand the reasons they do this stuff and am aware that it's been around for a while now. My objection is the fact that this particular software was hidden from the operating system (and therefore user) and attempted to access the network. It was also set to run as a service. In my opinion there is no excuse for any of that. They say they want to control what people do with their music, and I say people should have control over what their music does to their computers. I've had plenty of experience with DVD copy protection (for reasons I won't get into) but I haven't had a chance to see what these music labels are up to. If this software is indeed related to music CD copy-protection I want to see exactly what these sneaks are up to. I OWN my computer and I (and only I) get to say what goes on it and what doesn't. If someone wants to put something on it just because I want to listen to a CD, I want to figure out what they are up to and how to stop them, or at least how to remove it. And if someone else wants to get rid of it, I want to figure out how to help them get rid of it.

Musashi

Re: What is $sys$DRMServer.exe and why is ZoneLabs 6 warning me about it?

Sounds to me like you have some great taste in music. I also have this popping up on my PC and have also loaded VanZant "Get Right with the Man". I am not sure if we determined whether to allow or deny this warning yet.